ss5代理问题

nwpulotus

我从官网http://ss5.sourceforge.net/上面下载了最新的ss5源码安装包ss5-3.6.4-3.src.rpm
安装完后service ss5 start启动提示

1. /etc/init.d/ss5: line 41: syntax error near unexpected token `;;'
   
2. /etc/init.d/ss5: line 41: `        ;;'
   

复制代码

然后我打开这个文件，里面代码如下

1. #!/bin/sh
   
2. #
   
3. # chkconfig: 345 20 80
   
4. # description: This script takes care of starting \
   
5. #              and stopping ss5
   
6. #
   
7. 
   
8. OS=`uname -s`
   
9. if [ $OS = "Linux" ] || [ $OS = "SunOS" ]; then
   
10. 
    
11. # Source function library.
    
12. . /etc/rc.d/init.d/functions
    
13. 
    
14. # Source networking configuration.
    
15. . /etc/sysconfig/network
    
16. 
    
17. # Check that networking is up.
    
18. [ ${NETWORKING} = "no" ] && exit 0
    
19. 
    
20. [ -f /usr/sbin/ss5 ] || exit 0
    
21. fi
    
22. 
    
23. # Test custom variables
    
24. test -f /etc/sysconfig/ss5 && . /etc/sysconfig/ss5
    
25. 
    
26. # See how we were called.
    
27. case "$1" in
    
28.   start)
    
29.         # Start daemon.
    
30.         echo -n "Starting ss5... "
    
31.         if [ $OS = "Linux" ]; then
    
32.             daemon /usr/sbin/ss5 -t $SS5_OPTS
    
33.             touch /var/lock/subsys/ss5
    
34.         if [ $OS = "SunOS" ]; then
    
35.             /usr/sbin/ss5 -t
    
36.             touch /var/lock/subsys/ss5
    
37.         else
    
38.             /usr/local/sbin/ss5 -t
    
39.         fi
    
40.         echo "done"
    
41.         ;;
    
42.   stop)
    
43.         # Stop daemon.
    
44.         echo "Shutting down ss5... "
    
45.         if [ $OS = "Linux" ] || [ $OS = "SunOS" ]; then
    
46.         killproc ss5
    
47.         rm -f /var/lock/subsys/ss5
    
48.         else
    
49.                 killall ss5
    
50.         fi
    
51.         echo "done"
    
52.         ;;
    
53.   reload)
    
54.         # Reload configuration
    
55.         if [ $OS = "Linux" ] || [ $OS = "SunOS" ]; then
    
56.         echo -n "Reloading ss5... "
    
57.         killproc ss5 -1
    
58.         else
    
59.                 pkill -HUP ss5
    
60.         fi
    
61.         echo "done reload"
    
62.         ;;
    
63.   restart)
    
64.         # Restart daemon
    
65.         echo -n "Restarting ss5... "
    
66.         $0 stop
    
67.         $0 start
    
68.         ;;
    
69.   status)
    
70.         if [ $OS = "Linux" ] || [ $OS = "SunOS" ]; then
    
71.           status ss5
    
72.         fi
    
73.         ;;
    
74.   *)
    
75.         echo "Usage: ss5 {start|stop|status|restart|reload}"
    
76.         exit 1
    
77.         ;;
    
78. esac
    
79. 
    
80. exit 0
    

复制代码

我用的是fedora8

coolzsb

所以就这样了，你仔细看看这个init脚本就知道有问题了。如果你看不出有什么问题的话，就找我以前的那篇ss5的教程，里面的rpm制作部分的patch部分也有对ss5.init进行修改的部分，你看看就清楚了。


签名
---
我觉得这是SS5作者为了让大家都学习一下init脚本制作的知识而故意留下的bug~~~

weekend

start)
        # Start daemon.
        echo -n "Starting ss5... "
        if [ $OS = "Linux" ]; then
            daemon /usr/sbin/ss5 -t $SS5_OPTS
            touch /var/lock/subsys/ss5
       fi
       if [ $OS = "SunOS" ]; then
前面一个if未完结，所以要加个fi结束。

[ 本帖最后由 weekend 于 2008-3-2 16:31 编辑 ]

nwpulotus

噢，正在学习shell编程，麻烦大家了，现在搞定了。

nwpulotus

改成这样子就好了。
# See how we were called.
case "$1" in
  start)
        # Start daemon.
        echo -n "Starting ss5... "
        if [ $OS = "Linux" ]; then
            daemon /usr/sbin/ss5 -t $SS5_OPTS
            touch /var/lock/subsys/ss5
        elif [ $OS = "SunOS" ]; then
            /usr/sbin/ss5 -t
            touch /var/lock/subsys/ss5

但是还是有问题，不太明白ss5它的配置文件在这里不能配置嘛？
很奇怪的问题，我启动ss5，如果ss5.conf是是原始文件，代理是可以用的，但是只要是设置要验证，就是按照coolzsb 的那篇帖子里的设置，代理就不能用了，设置的帐号信息好像不好用，真是不明白。

coolzsb

把你的设置贴出来看看，密码信息记得隐藏

原帖由 nwpulotus 于 2008-3-2 23:17 发表
但是只要是设置要验证，就是按照coolzsb 的那篇帖子里的设置，代理就不能用了，设置的帐号信息好像不好用

签名
---
每个很妖异的问题后面都有一个很弱智的理由

nwpulotus

#
# SECTION       <VARIABLES AND FLAGS>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
#  TAG: set
#
#       set option name:
#       SS5_DNSORDER       ->   order dns answer
#       SS5_VERBOSE        ->   enable verbose output to be written into logfile
#       SS5_CONSOLE        ->   enable web console
#       SS5_STIMEOUT       ->   set session idle timeout (default 1800 seconds)
#       SS5_LDAP_TIMEOUT   ->   set ldap query timeout
#       SS5_LDAP_BASE      ->   set BASE method for profiling (see PROFILING section)
#                               Is default option!
#       SS5_LDAP_FILTER    ->   set FILTER method for profiling (see PROFILING
#                               section)
#       SS5_PAM_AUTH       ->   set PAM authentication
#       SS5_AUTHCACHEAGE   ->   set age in seconds for authentication cache
#       SS5_AUTHOCACHEAGE  ->   set age in seconds for authorization cache
#       SS5_STICKYAGE      ->   enable affinity session
#       SS5_STICKYSESSION  ->   set age for affinity
#       SS5_PROCESSLIFE    ->   set number of requests process must servs before
#                               closing
#       SS5_NETBIOS_DOMAIN ->   enable netbios domain mapping with directory store,
#                               during autorization process
#
# ///////////////////////////////////////////////////////////////////////////////////

#
# SECTION         <AUTHENTICATION>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
#  TAG: auth
#
#         auth source host, source port, authentication type
#
#         Some examples:
#
#         Authentication from 10.253.8.0 network
#                   auth 10.253.8.0/22 - u
#
#         Fake authentication from 10.253.0.0 network. In this case, ss5 request
#        authentication but doesn't check for password. Use fake authentication
#        for logging or profiling purpose.
#                   auth 10.253.0.0/16 - n
#
#         Fake authentication: ss5 doesn't check for correct password but fetchs
#        username for profiling.
#                   auth 0.0.0.0/0 - n
#
#  TAG: external_auth_program
#
#         external_auth_program program name and path
#
#         Some examples:
#
#         Use shell file to autheticate user via ldap query
#                   external_auth_program /usr/local/bin/ldap.sh
#
# ///////////////////////////////////////////////////////////////////////////////////
#       SHost           SPort           Authentication
#
auth    0.0.0.0/0               -               u

#
# SECTION        <PROXIES>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
#  TAG: proxy/noproxy
#
#        proxy/noproxy dst host/network, dst port, socks proxy address, port address, ver
#
#        Some examples:
#
#        Proxy request for 172.0.0.0 network to socks server 10.253.9.240 on port 1081:
#
#           if authentication is request, downstream socks server have to  check it;
#           if resolution is request, downstream socks server does it before proxying
#        the request toward the upstream socks server.
#                   proxy 172.0.0.0/16 - 10.253.9.240 1081
#
#       SS5 makes direct connection to 10.253.0.0 network (in this case, port value is not
#       verified) without using upstream proxy server
#                   noproxy 0.0.0.0/0 - 10.253.0.0/16 1080 -
#
# ///////////////////////////////////////////////////////////////////////////////////
#               DHost/Net                DPort        DProxyip        DProxyPort SocksVer
#
#        proxy        0.0.0.0/0                -        1.1.1.1                -           -

#
# SECTION       <DUMP>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
#  TAG: dump
#
#       dump dst host/network, dst port, dump mode (0=rx, 1=tx, 2=rx+tx)
#
#       Some examples:
#
#       Dump traffic for 172.30.1.0 network on port 1521:
#
#       if authentication is request, downstream socks server have to  check it;
#       if resolution is request, downstream socks server does it before proxying
#       the request toward the upstream socks server.
#               dump 172.30.1.0/24 1521 2
#
# ///////////////////////////////////////////////////////////////////////////////////
#              DHost/Net               DPort   Dump mode (0=rx,1=tx,2=rx+tx)
#
#       dump   0.0.0.0/0               -       1

#
# SECTION        <ACCESS CONTROL>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
#  TAG: permit/deny
#        permit/deny src auth flag, host/network, src port, dst host/network, dst port,
#        fixup, group, bandwidth (from 256 bytes per second to 2147483647), expdate
#
#        Some examples:
#
#         FTP Control + Passive Mode
#                permit - 0.0.0.0/0 - 172.0.0.0/8 21 - - - -
#
#        FTP DATA Active Mode
#                permit - 0.0.0.0/0         - 172.0.0.0/8         21         - - - -
#                permit - 172.0.0.0/8         - 0.0.0.0/0         -         - - - -
#
#        Query DNS
#                permit - 0.0.0.0/0 - 172.30.0.1/32 53 - - - -
#
#        Http + fixup
#                permit - 0.0.0.0/0 - www.example.com 80 http - - -
#
#        Http + fixup + profile + bandwidth (bytes x second)
#                permit - 0.0.0.0/0 - www.example.com 80 http admin 10240 -
#
#        Sftp + profile + bandwidth (bytes x second)
#                permit - 0.0.0.0/0 - sftp.example.com 22 - developer 102400 -
#
#        Http + fixup
#                permit - 0.0.0.0/0 - web.example.com 80 - - - -
#
#        Http + fixup + user autentication required with expiration date to 31/12/2006
#                permit u 0.0.0.0/0 - web.example.com 80 - - - 31-12-2006
#
#        Deny all connection to web.example.com
#                deny - 0.0.0.0/0 - web.example.com - - - - -
#
#
# /////////////////////////////////////////////////////////////////////////////////////////////////
#      Auth        SHost                SPort        DHost                DPort        Fixup        Group        Band        ExpDate
#
#permit -        0.0.0.0/0        -        0.0.0.0/0        -        -        -        -        -       
permit u        0.0.0.0/0        -        0.0.0.0/0        -        -        ulimit        -        -       
permit u        0.0.0.0/0        -        0.0.0.0/0        -        -        limit        64000        -       

#
# SECTION        <PROFILING>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
#        1) File profiling:
#
#        ss5 look for a file name specified in permit line in the /etc/ss5 directory.
#        This file must contain user members. File profiling is the default option.
#
#        2) Ldap profiling:
#
#        ldap_profile_ip             (directory internet address)
#        ldap_profile_port           (directory port)
#        ldap_profile_base           (ss5 replaces % with "group specified in permit line"
#                                if SS5LDAP_BASE if specified, otherwise if
#                                SS5LDAP_FILTER is specified,  it uses base and search
#                                for group as attribute in user entry; see examples)
#        ldap_profile_filter         (ss5 uses filter for search operation)
#        ldap_profile_dn             (directory manager or another user authorized to
#                                query the directory)
#        ldap_profile_pass           ("dn" password)
#        ldap_netbios_domain        (If SS5_NETBIOS_DOMAIN option is set, ss5 map netbios
#                                domain user in authentication request with his configured
#                                directory sever. Otherwise no match is done and
#                                directory are contacted in order of configuration)
#
#        Some examples:
#
#        Directory configuration for ldap profiling with SS5LDAP_BASE option:
#        in this case, ss5 look for attribute uid="username" with base ou="group",
#        dc=example,dc=com where group is specified in permit line as
#        "permit - - - - - group - -
#
#        Note: in this case, attribute value is not userd
#
#                ldap_profile_ip        10.10.10.1
#                ldap_profile_port      389
#                ldap_profile_base      ou=%,dc=example,dc=com
#                ldap_profile_filter    uid
#                ldap_profile_attribute gid
#        userd        ldap_profile_dn        cn=root,dc=example,dc=com
#                ldap_profile_pass      secret
#                ldap_netbios_domain    dir
#
#        Directory configuration for ldap profiling with SS5LDAP_FILTER option:
#        in this case, ss5 look for attributes uid="username" & "gid=group" with
#        base dc=example,dc=com where group is specified in permit line as
#        "permit - - - - - group - -
#
#        Note: you can also use a base like "ou=%,dc=example,dc=com", where %
#        will be replace with "group".
#
#                ldap_profile_ip        10.10.10.1
#                ldap_profile_port      389
#                ldap_profile_base      ou=Users,dc=example,dc=com
#                ldap_profile_filter    uid
#                ldap_profile_attribute gecos
#                ldap_profile_dn        cn=root,dc=example,dc=com
#                ldap_profile_pass      secret
#                ldap_domain_domain     dir
#
#        Sample OpenLdap log:
#        conn=304 op=0 BIND dn="cn=root,dc=example,dc=com" mech=simple ssf=0
#        conn=304 op=0 RESULT tag=97 err=0 text=
#        conn=304 op=1 SRCH base="ou=Users,dc=example,dc=com" scope=1 filter="(&(uid=usr1)(gecos=Users))"
#        conn=304 op=1 SRCH attr=gecos
#
#         where ldap entry is:
#        dn: uid=usr1,ou=Users,dc=example,dc=com
#        uid: usr1
#        cn: usr1
#        objectClass: account
#        objectClass: posixAccount
#        objectClass: top
#        userPassword:: dXNyMQ==
#        loginShell: /bin/bash
#        homeDirectory: /home/usr1
#        uidNumber: 1
#        gidNumber: 1
#        gecos: Users

#
# SECTION        <SERVER BALANCE>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
#  TAG: virtual
#
#        virtual virtual identification (vid), real ip server
#
#        Some examples:
#
#        Two vip balancing on three real server each one
#                virtual 1 172.30.1.1
#                virtual 1 172.30.1.2
#                virtual 1 172.30.1.3
#
#                virtual 2 172.30.1.6
#                virtual 2 172.30.1.7
#                virtual 2 172.30.1.8
#
#         Note: Server balancing only works with -t option, (threaded mode) and ONLY
#        with "connect" operation.
#
# ///////////////////////////////////////////////////////////////////////////////////
#              Vid        Real ip
#
#vitual        -        -



# SECTION        <PROFILING>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
#        1) File profiling:
#
#        ss5 look for a file name specified in permit line in the /etc/ss5 directory.
#        This file must contain user members. File profiling is the default option.
我注意到它说ss5在/etc/ss5中查找在permit中用到的文件，而coolzsb发的那个帖子里说的是在/etc/opt/ss5目录下建相应的文件。

7717060

if [ $OS = "Linux" ]; then
            daemon /usr/sbin/ss5 -t $SS5_OPTS
            touch /var/lock/subsys/ss5
        if [ $OS = "SunOS" ]; then
            /usr/sbin/ss5 -t
            touch /var/lock/subsys/ss5
        fi  <-- 少个
        else
            /usr/local/sbin/ss5 -t
        fi
        echo "done"
        ;;

coolzsb

把以下命令的结果贴上来

1. 
   
2. ls -lh /etc/opt/ss5
   
3. su nobody
   
4. more /etc/opt/ss5/limit
   

复制代码

签名
---
应该还是权限的问题，要确保nobody用户有读取/etc/opt/ss5目录下所有文件的权限


签名
---
如果你的ss5的确是最新版本的话，那就应该是这个问题

nwpulotus

以前觉得可能是没有权限，chmod 777 /etc/opt/ss5/ 了下
[root@publiclab ~]# ls /etc/opt/ss5/ -lh
total 24K
-rwxrwxrwx 1 root root   20 2008-03-02 17:37 limit
-rwxrwxrwx 1 root root 9.1K 2008-03-03 00:20 ss5.conf
-rwxrwxrwx 1 root root   56 2008-03-02 23:25 ss5.passwd
-rwxrwxrwx 1 root root    6 2008-03-02 17:33 ulimit
[root@publiclab ~]# su nobody
This account is currently not available.
//vipw nobody 里面显示nobody:99:99:Nobody:/:/sbin/nologin
请赐教。